Engadget RSS Feedhttps://www.engadget.com/tag/hacking/rss.xml
https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=trueEngadget RSS Feedhttps://www.engadget.com/tag/hacking/rss.xml
en-usEngadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronicsCopyright 2017 AOL Inc. The contents of this feed are available for non-commercial use only.https://www.engadget.com/2017/09/26/sec-cyber-unit/https://www.engadget.com/2017/09/26/sec-cyber-unit/https://www.engadget.com/2017/09/26/sec-cyber-unit/#comments

The US' Securities and Exchange Commission has to deal with a lot more than classic financial crimes these days: it has to worry about everything from insider trading hacks to the integrity of the latest digital currencies. To that end, it's creating a Cyber Unit that will focus its enforcement team on digital offenses. These include hacks, such as attempts to obtain insider info or to compromise trading platforms and accounts, but that's really just the tip of the iceberg.

States are understandably nervous about the security of voting machines given both the possibility of Russian interference in the 2016 election and machine makers' own shortfalls. And in Virginia's case, officials aren't taking any chances. The state's election board has approved a Department of Elections recommendation to make counties to replace direct-recording electronic voting machines with devices that produce a clear paper trail. Virginia had already instituted a law phasing out touchscreen voting hardware by 2020, but the new move effectively bumps up that end date to November 7th, when the state holds elections for the governorship and other key positions.

Samsung is the latest in a long line of tech titans to announce its very own bug bounty program. As its title suggests, the newly-launched Mobile Security Rewards Program will pay users for reporting vulnerabilities in the company's latest firmware. If you spot a weakness, and back it up with solid research, you could pocket up to $200,000. That's in line with the sums offered by the likes of Google (for Android) and Apple. Like those companies (along with Microsoft, Facebook, and Twitter), the rewards program sees Samsung reaching out to researchers to help squash bugs.

Hacks are often caused by our own stupidity, but you can blame tech companies for a new vulnerability. Researchers from China's Zheijiang University found a way to attack Siri, Alexa and other voice assistants by feeding them commands in ultrasonic frequencies. Those are too high for humans to hear, but they're perfectly audible to the microphones on your devices. With the technique, researchers could get the AI assistants to open malicious websites and even your door if you had a smart lock connected.

Turns out former Vice President (and erratic shooter) Dick Cheney was right all along: Your heart can be hacked. At least if you have a pacemaker, that is. On Tuesday, the FDA recalled 465,000 of the medical devices -- the ones that help control your heart beat -- citing security vulnerabilities. The pacemakers, which come from health company Abbott (formerly St. Jude Medical), require a firmware update. Fortunately, it can be installed by a health care provider in just three minutes. The models affected include the Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure.

White supremacist website Daily Stormer just lost its web domain. In a tweet, GoDaddy claims it's giving the site "24 hours" to move to another domain provider, having found it to be in violation of its terms and services. The announcement came in response to a Twitter appeal from The New Agenda co-founder Amy Siskind, who pointed out an article by the neo-Nazi publication. In the piece, Daily Stormer used obscene language in regards to Heather Heyer -- the woman who was killed in Charlottesville on Saturday after a man rammed his car into a crowd of people. Heyer was among those protesting against the Unite the Right white supremacist rallies over the weekend.

Over 10 years ago, the first iPhone burst on the scene and changed mobile computing forever. But it had a flaw: The baseband (the part that manages all the radios) on the installed Infineon chip could be exploited to run the phone on networks other than AT&T -- which was, at the time, the exclusive provider. Fast-forward to 2017 and that same chip was recently found in various Nissan Leafs built between 2011 and 2015.

Once again a Game of Thrones episode has leaked before its intended release. The fourth part of season seven was shared online through a Google Drive link, and we can confirm it's authentic. The source is unconfirmed but it's likely part of the HBO hack reported on Monday, which included episodes of Ballers, Room 104 and Insecure, as well as thousands of company documents. Game of Thrones is, of course, HBO's crown jewel and any leaks are particularly damaging, both financially and for its public image. It's a feeling the company will be used to, however; back in 2015, four episodes of season five leaked before its series premiere.

Troy Hunt, the security expert behind Have I Been Pwned (HIBP), has released 306 million previously-pwned passwords in a bid to help individuals and companies ramp up their online security. The passwords have been mined from dozens of data breaches, and now anyone can download them for free.

HIBP lets someone see if their email address has appeared in a breach, but doesn't reveal the associated password for that particular compromised service. Now, Hunt -- who has written extensively on password protection -- has flipped the model on its head, making passwords searchable without the associated email address or username.

Facebook played a key role in identifying and stopping Russian interference in the recent French election, a US congressman has revealed. During the attack, Russian intelligence operatives attempted to spy on Emmanuel Macron's election campaign by posing as friends of Macron's and attempting to glean information. This was in conjunction with the previously reported Russian interference, where spies also used fake Facebook accounts to spread misinformation about the French election.

Just last week, Harvard Kennedy School's Belfer Center launched Defending Digital Democracy, an across-the-aisles bipartisan effort to find ways to protect against election hacking. The group includes campaign managers from Hillary Clinton and Mitt Romney's presidential campaigns as well Google and Facebook security staffers. A new report on Reuters says that Facebook will also provide an initial funding of $500,000 to the nonprofit.

China has been active in the field of quantum cryptography lately, and now it's gearing up to use the technology in an "unhackable" government messaging service. While existing internet and telephone cables can easily be tapped, quantum networks send messages embedded in particles of light. If a third party tries to hack the network, the quantum nature of the particles will distort the communication, causing it to be lost.

The threat of hacks disrupting US elections is very real, and enough people are concerned that it's creating some strange bedfellows. Harvard Kennedy School's Belfer Center has launched Defending Digital Democracy, a bipartisan effort to offer technology, strategies and other tools that can protect against election-oriented cyberattacks. And when they say it's an across-the-aisle effort, they mean it. Campaign managers for former presidential candidates Hillary Clinton and Mitt Romney will help lead the group, as will Facebook's security chief, Google's info security director and the co-founder of security firm CrowdStrike. The head of the group is Eric Rosenbach, who was Chief of Staff to recent Defense Secretary Ash Carter.

More information about the scale of attempted election hacks has been released and it involves a rather surprising target -- South Carolina. Donald Trump took the state by 54.9 percent and there was never any doubt that he had the advantage in the historically republican-swinging South Carolina. However, even with almost certain projected results, the state's voter-registration system was hit with nearly 150,000 hack attempts.

Yes, you're reading that headline correctly. In the wake of a meeting at the G20 summit, President Trump has revealed that he talked to Russian President Vladimir Putin about creating an "impenetrable Cyber Security unit" that would protect against "election hacking, & many other negative things." He didn't go into details as to what this meant, but the statement is baffling on its face. Multiple US intelligence agencies have determined that the Russian government conducted an election hacking campaign in the US, targeting the DNC's servers, elections officials and voting systems in a bid to help Trump win. Why would you trust the fox to guard the henhouse, especially when you're already taking heat over allegations of collusion with the Russians? Whether or not you believe the claims are well-founded, it doesn't look good.

George Hotz is intrigued by artificial intelligence. The man who hacked the iPhone and PlayStation 3 as a kid, has moved on to self driving cars with his company Comma AI because of the autonomous vehicle technology's reliance on machine learning. After an initial hiccup that involved the company cancelling a device that would make cars semi-autonomous (because of a run in with regulators), Comma AI is back The new $88 Panda OBD II dongle, like most universal car interfaces, plugs into your car (1996 or newer) and gathers data.

After a report from The London Times that the email addresses and passwords of British cabinet members and other government officials were being traded by Russian hackers, it looks like the inevitable next step has occurred: a cyberattack on the UK parliament.

President Barack Obama learned of Russia's attempts to hack US election systems in early August 2016, and as intelligence mounted over the following months, the White House deployed secrecy protocols it hadn't used since the 2011 raid on Osama bin Laden's compound, according to a report by The Washington Post. Apparently, one of the covert programs Obama, the CIA, NSA and other intelligence groups eventually put together was a new kind of cyber operation that places remotely triggered "implants" in critical Russian networks, ready for the US to deploy in the event of a pre-emptive attack. The downed Russian networks "would cause them pain and discomfort," a former US official told The Post.

What's so compelling about Oliver Stone's recent four-part interview series with Vladimir Putin is probably not what the multi-Oscar-winning director intended. It's the same thing that makes his Edward Snowden biopic its own sort of cipher after the fact.

Both have inadvertently — and strangely, by their own design — upset the already shaky foundations of toxic hero worship in the era of hackers, hacktivism and cyber-espionage.

The consequences of a large-scale cyberattack on critical infrastructure was well-documented in May when the UK's healthcare system was brought to its knees by ransomware. Now, despite President Trump promising to develop a "comprehensive plan to protect America's vital infrastructure from cyberattacks", White House senators are pushing the president to take meaningful action following evidence that something similar could be on the cards for the US.

It's Canada's turn to freak out about election hacking. At a news conference held today, the country's Communications Security Establishment (CSE) said it was likely that hackers would try to interfere with its 2019 elections.

As far as anyone knows, there hasn't been a real-life hack attack on someone's pacemaker. Which is surprising. Security researchers have shown us that it's a very real possibility. Even the FTC has been urging connected-medical-device makers to adopt security best practices, with multiple 2017 reports stressing the issue.

Last month, Microsoft took what it called the "highly unusual" step of patching older Windows versions like XP against the WannaCrypt ransomware virus. It's doing the same in June to protect against attacks that are potentially even more sinister. "This month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations," security manager Adrienne Hall wrote in a blog.

Russia's US election meddling was much more widespread than the public has been told, according to a report from Bloomberg. Hackers attacked voting systems in 39 states, accessed campaign finance databases in one state and tried to delete or alter voter data in Illinois. While officials don't believe the attackers changed any results, the situation was serious enough that President Obama took the unusual step of complaining to the Kremlin on "red phone" back channels.

If you're developing a cyberpunk game, apparently you have to watch out for real-life hackers. According to a tweet from CD Projekt Red, "an unidentified individual or individuals" have acquired some internal documents that relate to the company's upcoming title, Cyberpunk 2077. The persons responsible then demanded a ransom for the material, promising to release the material to the general public if their demands weren't met. While this might seem like an elaborate marketing ploy, the company replied to our email for confirmation with an unambiguous, "This is real."